[Bro-Dev] [JIRA] (BIT-1358) Pcap with unusual packet ordering doesn't reassemble
Nicholas Weaver (JIRA)
jira at bro-tracker.atlassian.net
Mon Mar 30 09:26:00 PDT 2015
Nicholas Weaver created BIT-1358:
------------------------------------
Summary: Pcap with unusual packet ordering doesn't reassemble
Key: BIT-1358
URL: https://bro-tracker.atlassian.net/browse/BIT-1358
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.3
Environment: OS-X Yosmeite
Reporter: Nicholas Weaver
Attachments: telnet_test.pcap
The attached PCAP does send traffic in an unusual order (namely the initial data packet appears after the FIN) but telnet did receive the information from the server.
Bro -r {file} Conn::default_extract=T did not extract the reply's contents, and the conn log says "missed bytes" when the bytes "missed" were simply received slightly after the FIN.
--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
More information about the bro-dev
mailing list